CVE-2018-19519

Published: Nov 25, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.

Affected (1)

Products: Tcpdump: Tcpdump

Tcpdump

1 product

Tcpdump

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Tcpdump Tcpdump	Version 4.9.2

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-909

Missing Initialization of Resource

The product does not initialize a critical resource.

References (18)

http://www.securityfocus.com/bid/106098

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2019:3976

Source: cve@mitre.org

https://github.com/zyingp/temp/blob/master/tcpdump.md

Source: cve@mitre.org

ExploitMitigationThird Party Advisory

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/

Source: cve@mitre.org

https://usn.ubuntu.com/4252-1/

Source: cve@mitre.org

https://usn.ubuntu.com/4252-2/

Source: cve@mitre.org

http://www.securityfocus.com/bid/106098